> This seems like a big deal, no? That is, since SNI is one of the few things > not > protected in the TLS handshake, it does seem spoofable. If there's not > something I'm missing, it seems like the proposal should just drop DVSNI > altogether.
The SNI is protected (part of the message final MAC's) but it is not encrypted. _______________________________________________ Acme mailing list Acme@ietf.org https://www.ietf.org/mailman/listinfo/acme